Commit graph

11 commits

Author SHA1 Message Date
Joakim Andersson 2687376eff tfm: Enforce initial attestation with required key provisioned
Enforce that the initial attestation partition has the required
initial attestation key provisioned.

If the initial attestation key (IAK) is not present during boot of
TF-M the system will panic during initialization.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2023-12-12 19:08:46 +01:00
Kevin Townsend cd8d4ccad5 modules: tfm: Disable initial attestation service
Prevents Zephyr from enabling the initial attestation service in TF-M,
due to a dependency it has on an incompatibly-licensed library (QCBOR).

This update checks if either of the following config flags is
enabled at build time:

- `CONFIG_TFM_PARTITION_INITIAL_ATTESTATION`
- `CONFIG_TFM_PSA_TEST_INITIAL_ATTESTATION`

If either of these is set to true, a fatal error will be thrown at
build time, indicating the reason for the failure.

This change can be reverted once a longer term solution to the QCBOR
license issues has been resolved.

Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
2023-02-11 07:59:06 +09:00
Joakim Andersson 36421f2efc modules: trusted-firmware-m: Remove SFN limitation of platform partition
The TF-M platform partition has now been ported to PSA firmware
framework 1.1 and can now be used together with the SFN model.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2023-02-07 14:27:03 +01:00
Joakim Andersson 2572a53a45 tfm: Remove library model support
In TF-M 1.7.0 release the Library model has been removed.
Remove the library model support from Zephyr before updating TF-M
version.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Signed-off-by: David Brown <david.brown@linaro.org>
2023-01-27 14:25:30 -05:00
Joakim Andersson 3abcc19fd7 tfm: Add option to enable the SFN model
Add option to enable the SFN model when building TF-M.
The SFN model will eventually replace the Library model.

Change the default model to be IPC, which follows the default
configuration of TF-M.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2022-10-03 10:17:45 +02:00
Jimmy Brisson e7e78cba14 tfm: Kconfig: Configure MCUBOOT_DATA_SHARING explicitly
Previously, MCUBOOT_DATA_SHARING was enabled when BL2 was built
and when the firmware update partition was present. This is not
the only situation that you might be interested in this data
sharing. The data sharing now has its own Kconfig.

Further, use of the firmware update partition requires data
sharing, so it selects it.

Signed-off-by: Jimmy Brisson <jimmy.brisson@linaro.org>
2022-04-08 15:52:01 -07:00
Kevin Townsend eacae5e4e9 samples: tfm: PSA firmware update sample
This commit adds a sample application demonstrating how to use
the PSA Firmware Update API from TF-M. It also enables the
`FIRMWARE_UPDATE` partition to be included at build time.

Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
Signed-off-by: Jimmy Brisson <jimmy.brisson@linaro.org>
2022-04-08 15:52:01 -07:00
Gerard Marull-Paretas 95fb0ded6b kconfig: remove Enable from boolean prompts
According to Kconfig guidelines, boolean prompts must not start with
"Enable...". The following command has been used to automate the changes
in this patch:

sed -i "s/bool \"[Ee]nables\? \(\w\)/bool \"\U\1/g" **/Kconfig*

Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
2022-03-09 15:35:54 +01:00
Joakim Andersson bfbee8c54f tfm: Add config to disable all TF-M output
Add config to disable all TF-M output. This configuration is needed
in order to exclude the UART driver through a select in Kconfig
when either the code size optimization or the UART instance requires it.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2022-02-21 21:02:25 -05:00
Joakim Andersson 70a9bc0e57 modules: tfm: Add configuration for TF-M log options
Add Kconfig options for configuring TF-M log options.
 - Partition log level
 - SPM log level
 - Exception info dump

Set log level to "info" which is the default in upstream TF-M.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2021-10-17 11:50:53 -04:00
Håkon Øye Amundsen 207f2ab1e6 modules: tf-m: split TF-M configuration in multiple Kconfig files
The TF-M project is highly configurable and we end up having
a growing number of Kconfig option definitions in the main
Kconfig file. This commit splits out the configuration options
for the TF-M partition and for the crypto partition configuration
into separate Kconfig files, for ease of reading. The commit
does not introduce behavioral changes.

Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
2021-06-11 16:13:57 +02:00